Since cybersecurity threats are constantly changing, organizations must keep up with the latest malware developments and strengthen their defenses. This bulletin examines ExelaStealer, a recently discovered information-stealing trojan: its characteristics, the attack vectors associated with it, and mitigation strategies to limit its impact.
ExelaStealer is information-stealing malware that targets Windows systems. It is designed to harvest sensitive data from its victims, including passwords, credit card details, and browser cookies. The malware is available both as open-source code and as a low-cost paid version, and this accessibility is what makes it a serious risk: a broad spectrum of attackers can obtain and deploy it.
Indicators of Compromise (IOCs):
The following IOCs have been associated with ExelaStealer malware, and they should be monitored within the network:
sirketruhsatpdf.exe SHA256: f96bc306a0e3bc63092a04475dd4a1bac75224df242fa9fca36388a1978ce048
sirketruhsatpdf.exe SHA256: 95d860570b2777d7af213f9b48747d528251facada54842d7a07a5798fcbfe51
BNG 824 ruhsat.pdf SHA256: 5aff2c5e65d8e4e7fa0b0c310fbaef1e1da351de34fa5f1b83bfe17eeabac7ef
RuntimeBroker.exe SHA256: 34dca3c80cd5125091e6e4de02e86dcc6a2a6f9900e058111e457c9bce6117c0
RuntimeBroker.exe SHA256: c56b23602949597352d99aff03411d620b7a5996da2cab91368de275dcfbaa44
Discord webhook address: hXXps://discord[.]com/api/webhooks/1139506512302194789/X_VYZdAHscWQNKWvya9KWqqqTK6UjVvS86_kUy8P8OyCcPhKykCQpEqf93S_qDFVuzp8
These IOCs can be used for detection (file-hash matching on endpoints, and proxy or firewall alerts on traffic to the webhook) and for blocking. Note that file hashes only match the exact samples listed; a rebuilt or repacked sample will have a different hash, so the network indicator and behavioural detections should not be skipped in favour of hashes alone.
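To show how the IOCs above can be put to work, here is an added example that is not part of the original bulletin. It hashes every file under a directory against the SHA256 list and scans proxy log lines for the exfiltration webhook. The hashes and the webhook are the bulletin's own indicators; the proxy log format, the host names and the sample log lines are constructed for the demonstration. The webhook is matched by its numeric ID as well as by the full URL, because proxies commonly truncate or drop the long token in their logs.

```python
"""Match files and proxy logs against the ExelaStealer IOCs from the bulletin.

Added example, not the bulletin's own tooling. The hashes and webhook are the
bulletin's IOCs; the log format and the sample lines below are constructed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# SHA256 IOCs from the bulletin, mapped to the file name each was observed under.
EXELA_SHA256 = {
    "f96bc306a0e3bc63092a04475dd4a1bac75224df242fa9fca36388a1978ce048": "sirketruhsatpdf.exe",
    "95d860570b2777d7af213f9b48747d528251facada54842d7a07a5798fcbfe51": "sirketruhsatpdf.exe",
    "5aff2c5e65d8e4e7fa0b0c310fbaef1e1da351de34fa5f1b83bfe17eeabac7ef": "BNG 824 ruhsat.pdf",
    "34dca3c80cd5125091e6e4de02e86dcc6a2a6f9900e058111e457c9bce6117c0": "RuntimeBroker.exe",
    "c56b23602949597352d99aff03411d620b7a5996da2cab91368de275dcfbaa44": "RuntimeBroker.exe",
}

# Exfiltration webhook from the bulletin, kept defanged in the source so the
# script never contains a live URL; it is refanged only for matching.
EXELA_WEBHOOK_DEFANGED = (
    "hXXps://discord[.]com/api/webhooks/1139506512302194789/"
    "X_VYZdAHscWQNKWvya9KWqqqTK6UjVvS86_kUy8P8OyCcPhKykCQpEqf93S_qDFVuzp8"
)


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into the literal string seen on the wire."""
    return ioc.replace("hXXps://", "https://").replace("hXXp://", "http://").replace("[.]", ".")


EXELA_WEBHOOK = refang(EXELA_WEBHOOK_DEFANGED)
EXELA_WEBHOOK_ID = EXELA_WEBHOOK.rsplit("/", 2)[1]  # "1139506512302194789"


def classify_hash(sha256_hex: str):
    """Return the bulletin's file name for a known-bad hash, or None if unknown."""
    return EXELA_SHA256.get(sha256_hex.lower())


def sha256_of_file(path) -> str:
    """Stream the file through SHA256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root) -> list:
    """Hash every regular file under root; return (path, sha256, ioc_name) for IOC matches."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            digest = sha256_of_file(p)
            name = classify_hash(digest)
            if name:
                hits.append((str(p), digest, name))
    return hits


# Any Discord webhook call. Capturing the numeric ID separately lets the bulletin's
# webhook be recognised even when the proxy log omits or truncates the token.
WEBHOOK_RE = re.compile(r"https?://discord(?:app)?\.com/api/webhooks/(\d+)/?([A-Za-z0-9_\-]*)")


def scan_proxy_log(lines) -> list:
    """Flag lines reaching the bulletin's webhook ("exela_webhook") and, at lower
    confidence, any other Discord webhook ("discord_webhook")."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = WEBHOOK_RE.search(line)
        if not m:
            continue
        verdict = "exela_webhook" if m.group(1) == EXELA_WEBHOOK_ID else "discord_webhook"
        findings.append({"line": lineno, "webhook_id": m.group(1), "verdict": verdict})
    return findings


# Constructed proxy log lines; assumed format: time host src_ip method url status.
SAMPLE_PROXY_LOG = [
    "2023-09-01T10:14:02Z WS-0142 10.20.3.17 POST " + EXELA_WEBHOOK + " 200",
    "2023-09-01T10:14:05Z WS-0142 10.20.3.17 GET https://www.microsoft.com/ 200",
    "2023-09-01T10:15:11Z WS-0077 10.20.3.40 POST https://discord.com/api/webhooks/111111111111111111/AbCdEf 204",
    "2023-09-01T10:16:30Z WS-0077 10.20.3.40 GET https://discord.com/channels/@me 200",
]


def demo_directory_scan():
    """Scan a temporary directory holding one benign (empty) file; returns (hits, its digest)."""
    with tempfile.TemporaryDirectory() as d:
        benign = Path(d) / "readme.txt"
        benign.write_bytes(b"")
        return scan_directory(d), sha256_of_file(benign)


if __name__ == "__main__":
    print("directory scan:", demo_directory_scan())
    for f in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy log:", f)
```

The equivalent SIEM rule is an outbound HTTP POST to `discord.com/api/webhooks/` from endpoints, with webhook ID 1139506512302194789 as the high-confidence match and any other Discord webhook traffic from hosts that have no business using Discord queued for triage. Hash matching should be run against download folders, temp directories and the locations where the `RuntimeBroker.exe` look-alike would be dropped, keeping in mind that the real RuntimeBroker.exe lives under the Windows system directory and is signed by Microsoft.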
By staying informed about the evolving threat landscape and emerging attack vectors, refining SIEM rules, and implementing preventive measures, organizations can improve their defenses against emerging threats like ExelaStealer and reduce the likelihood of such attacks succeeding in future.
This threat bulletin was researched and created by Arunagiri S, a SOC analyst from Positka